<p>You can configure security group rules to permit or deny the network access from Dedicated Instances. This article describes how to configure security group rules.</p> <p><strong>Prerequisites</strong></p> <p>You have successfully created a security group. For more information, see Create a Security Group.</p> <p><strong>Procedures</strong></p> <p>1.&nbsp; Log in to the <a href="#https://pinganyun.com/console/dedicatedEcs/host" target="_blank">Dedicated Host Console</a>.</p> <p>2.&nbsp; In the left navigation pane, click <strong>Security Group</strong> to enter the <strong>Security Group</strong> page.</p> <p>3.&nbsp; Click the name of the target security group to enter the<strong> Instance</strong> tab.</p> <p>4.&nbsp; Click the <strong>Security Group Rules</strong> tab, and then click <strong>Create</strong>.</p> <p>5.&nbsp; On the <strong>Create Security Group</strong> page that opens, configure security group rules as described in the following table:</p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="background-color:#ededed; vertical-align:top"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Rule Direction</p> </td> <td style="vertical-align:top"> <p>Select a direction. Options are <strong>OUT </strong>and <strong>IN</strong>.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; <strong>OUT</strong>&mdash;Specifies the traffic from instances on the instance list in the VPC to the authorized IP addresses.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; <strong>IN</strong>&mdash;Specifies the traffic from the authorized IP addresses to instances on the instance list in the VPC.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Rule Type</p> </td> <td style="vertical-align:top"> <p>The default setting is Intranet.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Protocol Type</p> </td> <td style="vertical-align:top"> <p>Select a protocol type. Options are <strong>All</strong>, <strong>TCP</strong>, <strong>UDP</strong>, and <strong>ICMP</strong>.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; <strong>All</strong>&mdash;Select this option if all types of protocols are trusted.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; <strong>TCP</strong>&mdash;If you select this option, enter a port range and authorized IP addresses. Access to these ports will be permitted or denied.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; <strong>UDP</strong>&mdash;If you select this option, enter a port range and authorized IP addresses. Access to these ports will be permitted or denied.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; <strong>ICMP</strong>&mdash;If you select this option, enter only authorized IP addresses. The ping utility is used to test connectivity between instances.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Port Range</p> </td> <td style="vertical-align:top"> <p>Enter a port range. Supported characters in the port range can only be commas (,) and hyphens (-). Example: 1-200,203,280-289.</p> <p>For example, to open port 22, 201, and 210, enter <strong>22, 201-210</strong>.</p> <p><strong>Note:</strong></p> <p>For Windows Dedicated Instances, select TCP port type and open port 3389. For Linux Dedicated Instances, TCP port type and open port 22.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Authorized IP</p> </td> <td style="vertical-align:top"> <p>Enter authorized IP addresses in the format of IPv4 address/subnet mask, for example, 192.168.99.0/24.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Description</p> </td> <td style="vertical-align:top"> <p>Enter a description. A maximum of 50 characters are supported.</p> </td> </tr> </tbody> </table> <p>6.&nbsp; Click <strong>Confirm</strong>.</p> <p><strong>Note</strong>: Security group rules cannot be modified. If you need to update security group rules, you can only create new ones.</p> <p><strong>Result</strong></p> <p>You will see an <strong>Operation </strong><strong>s</strong><strong>ucceeded</strong> message at the bottom of the <strong>Create Security Group</strong> page and the newly created security group rule on the <strong>Security Group Rules</strong> tab.</p>